[ISN] Info on DOD/DISA/DEM Software 'hack'

From: mea culpa (jerichot_private)
Date: Thu Apr 23 1998 - 13:43:44 PDT

  • Next message: mea culpa: "[ISN] Unscrupulous Security Firms Prey on Unsuspecting Users"

     [Moderator: Now how hard would this have been for the journalist
      writing the story? <sigh>]
    
     Forwarded From: Mark (Mookie)[SMTP:markt_private]
     Posted To: 	NTBUGTRAQt_private
     Forwarded From: "Prosser, Mike" <Mike_Prossert_private>
     
     From what I can see, the DISA DEM software was/is publically available
     at http://tcoss.safb.af.mil/common/HTML/DSC_support.htm (the link is
     broken though).
     No wonder the feds didn't bother to come after them ;-)
     
     By the looks of ftp://tcoss.safb.af.mil :
     220 tcoss2 Microsoft FTP Service (Version 3.0).
     Name (tcoss.safb.af.mil:root): ftp
     331 Anonymous access allowed, send identity (e-mail name) as password.
     Password:
     230 Anonymous user logged in.
     ftp> dir
     200 PORT command successful.
     150 Opening ASCII mode data connection for /bin/ls.
     11-20-97  05:16PM       <DIR>          ActiveX
     01-27-98  02:47PM       <DIR>          disd
     04-15-98  09:00PM       <DIR>          Disn-W
     03-12-98  08:33PM       <DIR>          DITCO
     04-14-98  01:45PM                    0 dspd8.tmp
     04-17-98  12:20PM       <DIR>          MCI_TCOSS
     04-23-98  06:59AM       <DIR>          PDCBOOK
     03-24-98  08:10PM       <DIR>          R&R
     04-15-98  06:52PM       <DIR>          TSRE
     11-20-97  05:27PM       <DIR>          WinFrame
     ftp> cd Disn-W
     550 Disn-W: Access is denied.
     
     So it appears the "highly technical crack team" just ftp'd the
     software. Wow.
     They fixed the perms on the dir last week.
     
     And what they got:
     
     A software tool set called DEM (Visual Basic Programming based) melds
     the day
     to day network operations and maintenance efforts. DEM provides the
     entire
     RAVN team with a user friendly/graphical based set of tools that allow
     real-time network access for monitoring, control, re-configuration and
     testing of the critical pieces of hardware/software that make up the
     composite RAVN architecture. Both RIMS and DEM data bases are hosted
     on a
     stand alone RAVN server operated and maintained by NTAC personnel. The
     server
     is accessible via a Local Area Network connection and supports up to
     25
     simultaneous users.
     
     Sounds rather useless unless you have the databases of network
     equipment and
     device authentication parameters.
     
     Cheers,
     Mark
     markt_private
     
     
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:51:24 PDT